phpday 2025 - Call For Papers

md5

(PHP 4, PHP 5, PHP 7, PHP 8)

md5Calculate the md5 hash of a string

Warning

It is not recommended to use this function to secure passwords, due to the fast nature of this hashing algorithm. See the Password Hashing FAQ for details and best practices.

Description

md5(string $string, bool $binary = false): string

Calculates the MD5 hash of string using the » RSA Data Security, Inc. MD5 Message-Digest Algorithm, and returns that hash.

Parameters

string

The string.

binary

If the optional binary is set to true, then the md5 digest is instead returned in raw binary format with a length of 16.

Return Values

Returns the hash as a 32-character hexadecimal number.

Examples

Example #1 A md5() example

<?php
$str
= 'apple';

if (
md5($str) === '1f3870be274f6c49b3e31a0c6728957f') {
echo
"Would you like a green or red apple?";
}
?>

See Also

add a note

User Contributed Notes 2 notes

up
15
yiminrong at yahoo dot ca
3 years ago
Regarding Ray Paseur's comment, the strings hash to:

0e462097431906509019562988736854
0e830400451993494058024219903391

The odds of getting a hash exactly matching the format /^0+e[0-9]+$/ are not high but are also not negligible.

It should be added as a general warning for all hash functions to always use the triple equals === for comparison.

Actually, the warning should be in the operators section when comparing string values! There are lots of warnings about string comparisons, but nothing specific about the format /^0+e[0-9]+$/.
up
5
Ray.Paseur sometimes uses Gmail
6 years ago
md5('240610708') == md5('QNKCDZO')

This comparison is true because both md5() hashes start '0e' so PHP type juggling understands these strings to be scientific notation. By definition, zero raised to any power is zero.
To Top